From patchwork Wed Oct 30 07:47:08 2024
X-Patchwork-Submitter: "Yuezhang.Mo@sony.com"
X-Patchwork-Id: 13856090
From: "Yuezhang.Mo@sony.com"
To: "linkinjeon@kernel.org", "sj1557.seo@samsung.com"
CC: "linux-fsdevel@vger.kernel.org"
Subject: [PATCH v1 1/2] exfat: fix out-of-bounds access of directory entries
Date: Wed, 30 Oct 2024 07:47:08 +0000
X-Mailing-List: linux-fsdevel@vger.kernel.org

In the case where the directory size is greater than or equal to the
cluster size, if start_clu becomes an EOF cluster (an invalid cluster)
due to file system corruption, then the directory entry where
ei->hint_femp.eidx hint is outside the directory, resulting in an
out-of-bounds access, which may cause further file system corruption.

This commit adds a check for start_clu; if it is an invalid cluster,
the file or directory will be treated as empty.

Signed-off-by: Yuezhang Mo
Co-developed-by: Namjae Jeon
Signed-off-by: Namjae Jeon
--- fs/exfat/namei.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c index 2c4c44229352..98f67e632ad1 100644 --- a/fs/exfat/namei.c +++ b/fs/exfat/namei.c
@@ -637,14 +637,26 @@ static int exfat_find(struct inode *dir, struct qstr *qname, info->size = le64_to_cpu(ep2->dentry.stream.valid_size); info->valid_size = le64_to_cpu(ep2->dentry.stream.valid_size); info->size = le64_to_cpu(ep2->dentry.stream.size); + + info->start_clu = le32_to_cpu(ep2->dentry.stream.start_clu); + if (!is_valid_cluster(sbi, info->start_clu) && info->size) { + exfat_warn(sb, "start_clu is invalid cluster(0x%x)", + info->start_clu); + info->size = 0; + info->valid_size = 0; + } + + if (info->valid_size > info->size) { + exfat_warn(sb, "valid_size(%lld) is greater than size(%lld)", + info->valid_size, info->size); + info->valid_size = info->size; + } + if (info->size == 0) { info->flags = ALLOC_NO_FAT_CHAIN; info->start_clu = EXFAT_EOF_CLUSTER; - } else { + } else info->flags = ep2->dentry.stream.flags; - info->start_clu = - le32_to_cpu(ep2->dentry.stream.start_clu); - } exfat_get_entry_time(sbi, &info->crtime, ep->dentry.file.create_tz,
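
Review bot: The second added block, `if (info->valid_size > info->size)`, clamps valid_size and emits a warning, but the commit message only describes the start_clu check. Either describe the clamp in the changelog or move it to its own patch so it can be reviewed and backported on its own. Separately, the last changed lines turn `} else {` into a bare `} else` while the `if (info->size == 0) {` branch keeps its braces; kernel coding style wants braces on both branches when one of them has them, so keep the braces around the single `info->flags = ep2->dentry.stream.flags;` assignment.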